TL;DR: RSA Conference 2026 kicks off March 23-26 in San Francisco with 40,000+ attendees. Without CISA, FBI, or NSA. Eight days after former CISA Director Jen Easterly was named RSAC CEO, federal agencies scrubbed their speakers from the agenda. Panels on disrupting China's Typhoon hackers? Gone. FBI cyber warfare talks? Vanished. The official excuse is "taxpayer stewardship." The real reason is political revenge.
The Federal Disappearing Act
RSA Conference has been the federal government's main pipeline to the private cybersecurity industry for over three decades. FBI cyber officials share threat intelligence. NSA cryptographers unveil research. CISA coordinates with critical infrastructure defenders. That's how it's supposed to work.
In January 2026, that stopped. Here's the timeline:
- January 15: RSAC announces Jen Easterly as its new CEO. Easterly ran CISA from 2021 to 2025 before being fired by the Trump administration.
- January 23: Eight days later, CISA, FBI, and NSA speakers quietly disappear from the conference agenda.
- January 24: CISA spokesperson Marci McCarthy confirms they "will not participate" in RSA, citing "good stewardship of taxpayer dollars."
McCarthy refused to say whether Easterly's appointment influenced the decision. She didn't need to. The timing spoke for itself.
The Panels You Won't See
Before the boycott, federal agencies had several sessions on the RSA 2026 agenda:
- "Hunt for China's Typhoons": A "behind-the-scenes" look at FBI, NSA, and private industry operations to disrupt Beijing's espionage campaigns targeting US critical infrastructure. Salt Typhoon, Volt Typhoon, Flax Typhoon (the hacking groups that compromised US wiretap systems and telecom networks).
- FBI Cyber Warfare Talk: Details unknown, but likely covering recent intrusions into power grids, water systems, and communications infrastructure.
- Seven-Agent FBI Panel: How to engage with the FBI and develop incident response plans. Practical guidance for companies facing nation-state attacks.
- Chris Butera (CISA): The acting deputy head of CISA's cyber division was scheduled to represent the agency across multiple sessions.
All of it: gone. The agencies that possess the most detailed intelligence on Chinese hacking operations won't share any of it at the conference where 40,000 security professionals gather to learn how to defend against exactly those threats.
Who Is Jen Easterly?
Easterly spent 30 years in national security. She helped build US Cyber Command at the NSA. She served as head of intelligence and operations at Morgan Stanley. In 2021, Biden appointed her to run CISA, the agency responsible for protecting federal networks and critical infrastructure.
The Trump administration fired her in January 2025. Homeland Security Secretary Kristi Noem said CISA had "gone off the rails." Far-right commentator Laura Loomer accused Easterly of "election censorship." The Army rescinded her offer to teach at West Point after Loomer's criticism.
Now she runs the world's largest cybersecurity conference. And federal officials are so upset about it that they'd rather skip the entire event than share a venue with her.
Security Takes a Back Seat to Pettiness
CISA's official justification: "returning to our statutory, core mission" and "maximum impact and good stewardship of taxpayer dollars."
That explanation doesn't hold up. RSA Conference has always been where federal agencies build relationships with the private sector defenders who actually run most of America's critical infrastructure. Banks, hospitals, power companies, telecom providers. They're all there. Skipping RSA doesn't save much taxpayer money. It costs us real security coordination.
Here's what's actually happening: the Trump administration is trying to punish Easterly and anyone who platforms her. The agencies with the most critical intelligence about ongoing threats, including the same Chinese hackers who breached FBI wiretap systems, won't share that intelligence because they're angry about a personnel decision at a private company.
Meanwhile, those Chinese hackers aren't taking a boycott break.
Who Is Still Speaking
The conference isn't empty. RSA 2026 still has a stacked keynote lineup:
- General Keith Alexander (Ret.): Former NSA Director and first commander of US Cyber Command. Notably, he's speaking while current NSA officials aren't allowed to.
- Richard Horne: CEO of the UK's National Cyber Security Centre
- Despina Spanou: European Commission's principal adviser for cybersecurity coordination
- Dr. Mohamed Al Kuwaiti: Head of Cyber Security for the UAE government
- Jacinda Ardern: Former Prime Minister of New Zealand
- The Cryptographers' Panel: Whitfield Diffie, Cynthia Dwork, and Adi Shamir discussing the state of encryption
UK and European cyber officials will share insights on AI security, cross-border threats, and national resilience. America's own agencies will be absent.
The Real Security Story: AI Agents Under Attack
While federal officials play politics, RSA 2026 is covering what actually matters: the security crisis around AI agents.
This year's theme is "Power of Community," but the real conversation is about agentic AI, autonomous systems that execute tasks across enterprise environments. Think AI assistants that can send emails, query databases, and execute code without human approval. Gartner says 40% of enterprise apps will have AI agents by year end.
The problem: these agents are wide open to attack. CVE-2026-2256 in the MS-Agent framework showed how prompt injection can hijack an AI agent to run arbitrary system commands. One manufacturing company lost $3.2 million when attackers compromised their AI procurement agent.
RSA 2026 will feature sessions on:
- Prompt injection attacks: How attackers manipulate AI agents to bypass security controls
- Shadow agents: Unapproved AI assistants operating outside security visibility
- Cascading failures: What happens when one compromised agent infects an entire enterprise workflow
- Tool misuse and privilege escalation: AI agents that get tricked into accessing resources they shouldn't
Coalition for Secure AI (CoSAI) is hosting dedicated programming. Microsoft, CrowdStrike, Google, and Cisco all have major AI security presences. This is the conversation that needed federal participation. It won't get it.
The Bigger Picture: CISA in Crisis
The RSA boycott isn't happening in isolation. CISA is projected to lose a third of its workforce under the Trump 2026 budget. TechCrunch reported in February that the agency is "in dire shape" amid cuts and layoffs.
This is the agency responsible for:
- Coordinating critical infrastructure defense
- Warning private companies about active cyber threats
- Responding to major incidents like the SolarWinds hack
- Protecting federal networks from nation-state attackers
Now it's getting gutted and its former director runs the conference its officials can't attend. The message is clear: loyalty to the administration matters more than cybersecurity. If you make Trump officials look bad, they'll abandon the entire mission to make a point.
What to Watch at RSA 2026
If you're attending or following the conference remotely, here's what matters:
- AI Agent Security: The MS-Agent vulnerability and enterprise adoption curve are the biggest stories. Watch for practical defenses against prompt injection.
- UK and EU perspectives: With US officials absent, international speakers will fill the intelligence gap. Pay attention to Richard Horne and Despina Spanou.
- Cryptographers' Panel: Diffie, Dwork, and Shamir discussing encryption at a time when the UK is pushing backdoors and Signal threatens to leave rather than comply.
- Easterly's presence: How she addresses the boycott, if at all, will set the tone for RSAC's independence from government pressure.
- Innovation Sandbox: The startup competition often previews what enterprise security will look like in 2-3 years.
The Bottom Line
RSA Conference 2026 runs March 23-26 at Moscone Center in San Francisco. 40,000+ security professionals will attend. The conference theme is "Power of Community." The theme demonstrated by federal officials is something different: the power of spite.
Chinese hackers compromised FBI surveillance systems. Salt Typhoon has been inside US telecom networks for months. Critical infrastructure faces unprecedented threats. And the agencies with the best intelligence on those threats are sitting home because they don't like that a private company hired a woman they fired.
That's the state of American cybersecurity in 2026. The threats are real. The pettiness is worse.
References
- The Register - Feds Skipping Infosec Industry's Biggest Conference, RSAC
- Cybersecurity Dive - Federal Agencies Abruptly Pull Out of RSAC After Organizer Hires Easterly
- PR Newswire - Jen Easterly Named CEO of RSAC
- RSAC - Keynote Speaker Lineup Revealed for 2026
- Nextgov - CISA to Cease Participation at RSAC Conference
- TechCrunch - CISA Reportedly in Dire Shape Amid Trump Cuts and Layoffs
- Microsoft - Your Complete Guide to Microsoft Experiences at RSAC 2026
- Coalition for Secure AI - CoSAI at RSAC 2026